This advisory corrects DSA 563-1 which contained a library that caused other programs to fail unindented.

For the stable distribution (woody) this problem has been fixed in version 1.5.27-3woody3.

For reference the advisory text follows:

A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.

For the unstable distribution (sid) this problem has been fixed in version 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of cyrus-sasl2.

We recommend that you upgrade your libsasl packages.

Upgrade Instructions---------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below: